DHCP lease time on Cisco ASA 5506-X

cjvrancea
Level 1

Hello guys! This is my first post here, so don't be hard on me! Cisco ASA 5506-X with Firepower, which I use for URL filtering in my network! I have licenses and so on. How do I make the DHCP lease stay forever?

I want that because the URL filtering is not applied to all computers from the network!

Thank you!

1 Accepted Solution

If your users all login to AD then you are much better off using AD as your passive identity source and building policies based on username or group instead of IP address.

3 Replies

Marvin Rhoads
Hall of Fame

Welcome to Cisco Support Community.

I'm not quite sure what a DHCP lease has to do with URL filtering. When we use the Firepower service module to filter URLs it is usually between zones (like from Inside to Outside) or for entire IP ranges (say all private IP addresses).

Can you share a screenshot of your Access Control Policy details showing the URL filtering rule?

You should also have a Network Discovery policy set up properly with your HOME_NET and EXTERNAL_NET objects properly defined. I have seen failure to do that result in the module trying to learn every host on the Internet and then running out of host entries, thus making policy enforcement sporadic.

There are some good Cisco Live presentations on the above. Do a search on ciscolive.com for Firepower basics sessions.

Hi Marvin! Thanks for the quick reply!

I closed the DHCP from the ASA, and let my Windows server do DHCP! I want to block access to certain websites for some people, not for all! So I created two rules:

The first trusts traffic from certain IPs, and the second one blocks traffic for all the IPs on certain websites! All seems to work, except the part where I unblock Facebook!

Thank you!

PS: I wanted a forever lease time so that computers which are allowed to access the internet don't change IP after XXX days!

If your users all login to AD then you are much better off using AD as your passive identity source and building policies based on username or group instead of IP address.